How does Ping deploy Security Token Services and universal token translation?

PingFederate includes a WS-Trust compliant Security Token Service (STS) that performs universal token translation by accepting one type of security token as input and producing an equivalent security token of a different type as output. It uses a plug-in architecture to support the processing and generation of different token types. It is accessed programmatically via STS Client SDKs and via third party WS-Trust clients such as Amberpoint.

Components of the PingFederate Security Token Service

PingFederate Security Token Translators are plug-ins that allow the STS to process (i.e. consume) and/or generate particular types of security tokens. Token Translators for several common token types are available from Ping Identity including x.509, SiteMinder and Kerberos. Users can also build custom Token Translators using the Token Translator SDK if needed. The PingFederate .NET and Java Client SDKs act as WS-Trust clients and allow programs written in .NET and Java to interact with the PingFederate STS. PingFederate can also work with third party WS-Trust clients such as AmberPoint.

The Token Translator SDK allows users to create their own token processor and generator plug-ins. Learn more about Universal Token Translator use cases in the Use Cases section.

When comparing one vendor's STS against another's, be sure to focus on ease of deployment, on which token formats are supported, and on what other supporting infrastructure is required to make the STS functional. Many Security Token Services that are included with identity stacks have heavy dependencies and may require extensive upgrades to bring all of the stack component versions up to an adequate support level. PingFederate's STS has no such dependencies and is included with the base PingFederate server.